- Law 29/2021, of 28 October, Qualified on the Protection of Personal Data of the Principality of Andorra (hereinafter, the LQPD),
- Decree 391/2022, of 28-9-2022 approving the Regulations implementing the LQPD, and
- Regulation (EU) 679/2016 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, “the GDPR”).
In general, it is you who directly provides us with your personal data, for example, through the forms found on this website. The only exceptions to this rule are:
- Your identification data, in case you decide to log in using your Facebook account (which acts as an identity provider) instead of filling in the registration form;
- Your voice and/or your image, where they may be collected by our video surveillance cameras;
- Data provided to us by third parties who book or purchase our products or services on your behalf (as a beneficiary);
- Contact details provided to us by our service and product providers where you represent them;
- Details of the products you purchase by showing one of our loyalty cards;
- The last four digits of your credit card, which together with the purchase amount and the transaction number is returned to us by our payment service provider in case you wish to query or revoke the transaction;
- Photographs or videos of events that we organise or in which we participate, and in which you may appear;
- Photographs, texts or other media that the author may submit for publication on our website or our social networks, usually within the framework of a participatory process, in accordance with the relevant terms and conditions, and therefore with your consent.
- Images or other personal data corresponding to any news item in which we consider that the public interest, our obligation of transparency and the right to information prevail over the possible interests of the persons whose image or other personal data is published on our website or social networks;
- Images that correspond to any content on the website to which we have the corresponding rights;
- Personal data about you that may appear in emails and instant messaging that we receive, or through forms on our website; and
- To complete the check-in and check-out;
- To make copies of all guests’ identity documents available to law enforcement authorities for a period of one year;
- To process your promotional codes and payments;
- Provide you with a consistent and personalised service, advising you on the services you can enjoy in our facilities (based on your previous use or preferences you have communicated to us);
- To provide you with luggage storage, safe deposit and parking services;
- Purchase or book services offered by third parties, when you request us to do so and on your behalf (for example, to coordinate excursions and other sightseeing tours, to arrange taxis or chauffeur-driven vehicles for you, and to facilitate restaurant and event reservations);
- Manage and provide you with access to Wi-Fi, television and other connectivity services (including access to business centre services such as fax and photocopying facilities) and entertainment systems (such as PlayStation or video-on-demand);
- Providing you with in-room catering (including respecting any dietary restrictions, health or other personal needs you communicate to us);
- Provide you with room service (including room cleaning, laundry services, and anything else you may request for your convenience that we can provide, such as a cushion, duvet or mobile phone charger);
- Collect and sometimes publish your feedback about the hotel on our website.
- Collect the tourist tax and, if applicable, the cancellation fee for your booking.
- Handle your other requests and enquiries, or your complaints and suggestions; and
- Determine your eligibility for age-restricted products and services (such as alcohol or in-room adult entertainment).
- We perform “due diligence” in order to better advise you regarding the fixed or variable capital investment of the deposit you made (or will make) on behalf of OUTNORDTRAVEL, and to tailor it to your investment and risk profile and the risk of the fund, diversifying the investment; and
- We fill in KYC (Know Your Customer) forms, the main purpose of which is to prevent natural or legal persons from using legitimate services to engage in illegal activities.
- Demographics (age, gender, etc.)
- Interests (activities, hobbies, etc.)
- What they buy online and through other channels.
- If you ask us to do so yourself.
- We are legally obliged to do so.
- It is necessary so that, in accordance with the terms and conditions of use of our cards, a merchant associated with our benefit programmes can give you the benefit you are entitled to for your purchase when you show them our card.
- As necessary to enforce the terms and conditions of our products and services, including investigation of possible violations.
- Is necessary to detect, prevent or otherwise address fraud, security or technical problems.
- We act as an intermediary, for example, when we need to make a booking on your behalf (for example, at a hotel).
- You contract our products or services through intermediaries (for example, a travel agency) to whom we must deliver products or services they have purchased on your behalf, either with the consent you have given them, because they legally represent you, or because you have explicitly authorised us to do so.
- We need to protect your rights, ours, those of our employees or those of third parties (which may require disclosure to the police for security purposes or to health authorities to prevent the spread of disease, e.g. for contact tracing purposes). For example: – If our video surveillance cameras record a theft from our premises, or. – If a third party requests video surveillance images from us on the basis of their legitimate interest in seeking legal protection in respect of the commission of a criminal offence or compensation for damages evidenced by the transferred images, and with a commitment by the third party to use them exclusively for the reporting of this offence or for the claim for damages suffered, and reducing the transfer of images to the minimum and indispensable to fulfil the intended purpose.
- A company subcontracted by us needs to process them on our behalf (for example, the company that provides us with the services of the Data Protection Officer, and that must deal with your requests for rights); always under the terms and conditions of the corresponding data processor contract.
- A company subcontracted by us may have access to personal data held on our site or in our systems from time to time, even though they do not need to process it on our behalf. This is the case, for example, of the web development and maintenance company or some of the services of our IT service providers. Because they may have access to OUTNORDTRAVEL data, they have signed a service contract that obliges them to maintain the same level of privacy that we have in OUTNORDTRAVEL.
- We need to protect or defend the rights or property of OUTNORDTRAVEL.
- Access to your personal data.
- Rectification of any of your personal data, specifying the reason.
- Deletion of any or all of your personal data.
- Limitation of the processing of your data, specifying the reason for the limitation.
- Opposition to the processing of your personal data.
- Portability of your data when the legitimate basis for the collection has been consent or a contract.
- The right not to be subject to automated individual decisions.
- By sending a written request to OUTNORDTRAVEL, addressed to our postal address indicated in section 2 of this policy, indicating a means of contacting you so that we can respond to your request, or ask you for further information if necessary. We would appreciate it if you would mark on the envelope “Exercise of Personal Data Protection Rights”.
If you have any questions about this policy, please let us know by emailing us at DPDextern@win2win.ad.
Last updated: 1 March 2023